deactivate ldap.attrmap

Wed Jan 30 15:28:31 CET 2008

What struck me was that you need more attributes, but maybe I missed them:

-cacertfile
-certfile
-keyfile

    -Josiah

Sebastian Heil wrote:
>> Sebastian Heil wrote:
>> ...
>>     
>>> i added the following lines to the ldap-section:
>>>       
>> ...
>>     
>>> rlm_ldap: could not start TLS Can't contact LDAP server
>>>       
>>   Maybe you need to check that there is an LDAP server listening on that
>> port?
>>
>>   Alan DeKok.
>>
>>     
>
> thanks for your fast answer, alan.
> but i am afraid, this is not the solution... the ldap-server is listening and even responding to my ldap-request. i captured the communication between the freeradius and the edirectory with etherreal:
>
> Someone any idea about the "Encrypted Alert" in no. 14?? Thanks.
>
> ---------------------
> No.     Time        Source                Destination           Protocol Info
>       1 0.000000    radtestclient       freeradius          RADIUS   Access-Request(1) (id=74, l=58)
>
>       3 0.000749    freeradius          edirectory          TCP      56302 > ldaps [SYN] Seq=0 Len=0 MSS=1460 TSV=445748676 TSER=0 WS=2
>
>       5 0.012986    edirectory          freeradius          TCP      ldaps > 56302 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460 WS=0 TSV=3386151196 TSER=445748676
>
>       6 0.013057    freeradius          edirectory          TCP      56302 > ldaps [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=445748679 TSER=3386151196
>
>       7 0.013639    freeradius          edirectory          SSLv2    Client Hello
>
>       8 0.021887    edirectory          freeradius          TLSv1    Server Hello, 
>
>       9 0.022035    freeradius          edirectory          TCP      56302 > ldaps [ACK] Seq=143 Ack=1449 Win=8736 Len=0 TSV=445748682 TSER=3386151206
>
>      10 0.030390    edirectory          freeradius          TLSv1    Certificate
>
>      11 0.030550    freeradius          edirectory          TCP      56302 > ldaps [ACK] Seq=143 Ack=1946 Win=11632 Len=0 TSV=445748684 TSER=3386151215
>
>      12 0.032263    freeradius          edirectory          TLSv1    Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
>
>      13 0.048990    edirectory          freeradius          TLSv1    Change Cipher Spec, Encrypted Handshake Message
>
>      14 0.049652    freeradius          edirectory          TLSv1    Encrypted Alert
>
>      15 0.049923    freeradius          edirectory          TCP      56302 > ldaps [FIN, ACK] Seq=506 Ack=2005 Win=11632 Len=0 TSV=445748689 TSER=3386151237
>
>      17 0.057441    edirectory          freeradius          TCP      ldaps > 56302 [ACK] Seq=2005 Ack=507 Win=4885 Len=0 TSV=3386151247 TSER=445748689
>
>      18 0.057774    edirectory          freeradius          TLSv1    Encrypted Alert
>
>      19 0.057807    freeradius          edirectory          TCP      56302 > ldaps [RST] Seq=507 Len=0
>
>      20 0.057880    edirectory          freeradius          TCP      ldaps > 56302 [FIN, ACK] Seq=2042 Ack=507 Win=4885 Len=0 TSV=3386151247 TSER=445748689
>
>      21 0.057903    freeradius          edirectory          TCP      56302 > ldaps [RST] Seq=507 Len=0
>
>
>   

-- 
Wm. Josiah Erikson
Computing Support
School of Cognitive Science
Hampshire College
Amherst, MA 01002
(413) 559-6091